STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Word 2016 Security Technical Implementation Guide

V-238126

CAT II (Medium)

Files from the Internet zone must be opened in Protected View.

Rule ID

SV-238126r961086_rule

STIG

Microsoft Word 2016 Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001662

Discussion

This policy setting allows for determining if files downloaded from the Internet zone open in Protected View. If enabling this policy setting, files downloaded from the Internet zone do not open in Protected View. If disabling or not configuring this policy setting, files downloaded from the Internet zone open in Protected View.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2016 -> Word Options -> Security -> Trust Center -> Protected View "Do not open files from the Internet zone in Protected View" is set to "Not Configured" or "Disabled". 

Procedure: Use the Windows Registry Editor to navigate to the following key: 

HKCU\Software\Policies\Microsoft\Office\16.0\word\security\protectedview

Criteria: If the value DisableInternetFilesInPV is REG_DWORD = 0, this is not a finding.
If the value does not exist, this is not a finding.
If the value is REG_DWORD = 1, then this is a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2016 -> Word Options -> Security -> Trust Center -> Protected View "Do not open files from the Internet zone in Protected View" to "Not Configured" or "Disabled".